A variety of weapons against SPAM that don't require laws

Here are the methods I have examined, and in many cases can endorse, in
the fight to stop SPAM, the
abuse of bulk E-mail. Most of these are systems already in use or just
coming into use. Some are new systems still being explored.

Whitelist or "secretary" style screening, where a
computerized secretary gives people you know faster access to you.

Some of these methods are only of partial effectiveness. The most
effective solution will come from a combination of techniques -- limiting
bulk mail for users of trial accounts, better ISP contracts, good filters,
whitelists and occasional use of blacklists, and recipient/customer revolt.

In the future, methods like a new bulk-mail protocol, E-stamps and the
use of digital signatures could put the final nails in the coffin of spam.
In the meantime, going after spam that's already illegal, including fraudulent
offers and mail-relay abuse, is also worthwhile.

Recipient Revolt

At first, recipients reacted to Spam with ire, in E-mail and in the
physical world. This has helped significantly to scare more
legitimate companies away from using junk E-mail, and this is good.

Complaints to ISPs, while somewhat unfair to them, have pressured most
ISPs to develop anti-Spam policies and contracts.

It has also caused many Spammers to send their mail from fake addresses
or to simply ignore all E-mail response. The former turns out to have
a positive aspect -- fake domains can be detected and blocked.

It has also caused some, like Cyberpromotions, to wallow in the outrage for
the publicity it brings them. However, over time Cyberpromotions did give in.

It's also worth noting that once other methods eliminate a large proportion
of the Spam, recipient revolt can be far more effective against the
remaining items. When users get 30 per day, they feel "resistance is
futile." For just one, it is not.

People should start by just not doing business with abusers, and join
together in civilized complaint.

Customer Revolt

A very small minority of Spams come from places the recipient has had
contact with, such as web sites they gave their E-mail address to or
companies they have done business with.

Customers fortunately have power over companies, and revolt and anger
by customers is far more effective than anger at strangers.

Companies should be pushed to disclose what they will do with any
data they collect from a customer/user, and stick by that disclosure.
Users should be encouraged to pressure companies to join programs like
Trust-E to make sure they comply.

It should be noted that junk mail from parties with whom you have
a relationship is more abuse of that relationship than abuse of the net.
It's also more an issue of privacy rights and data collection procedures.

Don't patronize companies that abuse bulk E-mail, and publicise their
offense. Ask companies that collect E-mail addresses to disclose what
they will do with them.

Filters

Pattern Filters

Many mail tools now can filter out mail or redirect based on analysis.
Some search for known patterns or the names of known junk mailers.
Some just look for generic items uncommon in regular E-mail such as
mail not directed at the user, or subject lines in all upper case.

Such systems are not a likely long-term solution. They can always be
gotten around. It's just a war of escalation. As long as the patterns
can be found out, as they can in any product, the mailers will learn not
to use them.

Domain filters

Many mailers now refuse mail from domains that don't exist. This is
reliable, but drives abusers simply to use real domains and addresses.
Totally anonymous mail becomes blocked.

Blacklist Filters

Blacklist filters use databases of known abusers, and also filter unknown
addresses. A real-time blacklist system is in place at some sites to
block even the initial mail connection from known abusers. There is
a constant battle to keep such lists up to date, and the system is
somewhat wasteful. There is a significant risk of blacklisting innocents,
or those using the same ISPs as innocents.

Some judge that the risk of blacklisting the ISPs of innocents is an
acceptable cost, as it pressures those ISPs.

Real Time Filters

A company called BrightMail has
developed a system that uses "spam bait" addresses to track bulk mail
abuses as they happen, and control filters at customer sites in real time
to block exactly those messages that are going to the bait addresses and
judged by their human staff to be spam. This is new, but can be quite
effective against certain types of large-volume bulk mail abuse.

Whitelist Filters

Mailer programs learn all contacts of a user and let mail from those
contacts through directly. Mail from strangers is redirected to other
folders or challenged. It may be discarded if it matches certain patterns.

These systems are very effective, though there are some holes which can
be used by a determined abuser. The main cost is delay or redirection of
desired mail from strangers, as well as anonymous mail.
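
An added example, not code from the original page: a whitelist triage that learns contacts from sent mail, passes known senders, and applies the generic pattern checks from the Pattern Filters section to strangers only. The function names, folder names and sample messages are assumptions constructed for illustration.

```python
import email
from email.utils import getaddresses, parseaddr

def addresses(msg, *headers):
    """Lower-cased addresses found in the named headers of a message."""
    values = [v for h in headers for v in msg.get_all(h, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def learn_contacts(sent_messages):
    """Build the whitelist from everyone the user has written to."""
    contacts = set()
    for raw in sent_messages:
        contacts |= addresses(email.message_from_string(raw), "To", "Cc")
    return contacts

def triage(raw, contacts, my_addresses):
    """Return 'inbox', 'strangers' or 'discard' for one incoming message."""
    msg = email.message_from_string(raw)
    # From is unauthenticated, so a forged known sender passes this check.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender in contacts:
        return "inbox"
    # Pattern checks apply to strangers only.
    not_for_me = addresses(msg, "To", "Cc").isdisjoint(my_addresses)
    letters = [c for c in msg.get("Subject", "") if c.isalpha()]
    shouting = len(letters) >= 8 and all(c.isupper() for c in letters)
    if not_for_me and shouting:
        return "discard"
    return "strangers"

# Constructed sample data (example.* names are placeholders).
ME = {"pat@example.org"}
SENT = ["From: pat@example.org\nTo: Lee <lee@example.net>\nSubject: lunch\n\nNoon?\n"]
INCOMING = {
    "friend": "From: Lee <LEE@example.net>\nTo: pat@example.org\nSubject: Re: lunch\n\nYes.\n",
    "stranger": "From: sam@example.com\nTo: pat@example.org\nSubject: Question about your page\n\nHi.\n",
    "bulk": "From: deals@example.com\nTo: list@example.com\nSubject: MAKE MONEY FAST\n\nBuy.\n",
}

def run_samples():
    contacts = learn_contacts(SENT)
    return {name: triage(raw, contacts, ME) for name, raw in INCOMING.items()}

if __name__ == "__main__":
    print(run_samples())
```

The unauthenticated From header is one of the holes a determined abuser can use; a verified sender identity closes it.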

Address Tricks

Use special addresses in public

The name you use when you reveal your E-mail address in public in a newsgroup
or on a web site doesn't have to be your main, full-access mailbox. It's
possible to define aliases that get mail to you but are more heavily
filtered because they are exposed to the spammer's evil "address harvesting."
They can be used for a short time and eventually discarded.

These still slow down some legitimate mail from the outside world, of course.

Try using different aliases to stop and track address harvesting, but
I don't recommend the use of entirely fake addresses (unless you need to
remain anonymous) as these just break the system for legitimate users.

Stop relay abuse

One fundamental step that's doing a lot is the fight against relay abuse.
Spammers take advantage of the fact that most systems, by default, are open,
and will relay mail from site to site as a courtesy. They get these sites
to do their bulk mail for them. Done in volume as it is, this may already
be criminal theft of
telecommunications, but it isn't stopping them.

Sites are closing up the open status. Another proposal is to have sites
refuse to accept mail that has been relayed unless the relay put in a
tag indicating they were willing. This would stop all relay abuse but
require everybody who does willing relaying (mailing list hosts) to put
in a tag.

Without relay abuse, Spammers need to use a lot more of their own
resources, and can't as easily use a slow connection.

This could be made stronger by having sites refuse to accept mail that has
been relayed unless the relayer has included a tag indicating their
assent. This requires all relayers to put in these assent tags.

Relay abuse is already illegal -- it should be stopped.

Voluntary Tags

Standards can be developed to tag bulk mail, providing headers or other
information listing the number of recipients of the mailing, whether the
recipient requested the mail, or whether the sender is personally known to the
recipient.

On their own, however, their value is limited.

Tagging can't do enough on its own and mandatory tagging is a bad idea.

Insisting on tags

They become valuable if recipients start insisting mail they receive be
tagged, and diverting untagged mail to a low-priority folder. And of
course diverting mail tagged in ways they don't wish to receive.

Such a scheme requires that Spammers be honest. There is evidence that many
would not be. However, it is possible that some laws may force them to be.

This area needs more research. If done, it should
relate to the time and manner of E-mail, not the content.

Digital Signature

For non-anonymous mail, a digital signature that verifies the sender has
many uses. Many want this for other purposes. Such a signature can
be used for reliable whitelisting and blacklisting. In addition, the
signature can come with a digital certificate stating the sender has
agreed to a certain code of E-mail ethics.

Recipients might insist on such a certificate. Or the simple fact that
the sender and their ISP can be reliably identified may be enough to make
people willing to give E-mail access, with non-signed mail diverted.

Anonymous mail is impeded by this and other schemes. Anonymous mailers
must find some way to assert they are not abusing the system or recipients
may delay, redirect or filter their mail. Valid methods include the
use of remailers that protect identity and vouch for (or assure) non-abuse.

I support the building of a digital signature infrastructure, but
do not wish the government to be the sole certifying authority, and
want to assure that the infrastructure supports anonymous communication.

E-stamps

Once a digital signature and digital-money infrastructure comes into play
it is possible to implement an E-stamp scheme.

Such a system works regardless of borders, and allows anonymous mail without
abuse. However, it requires the build-up of lots of technical infrastructure
and the redesign of mail systems.

This idea might work in the future, but it's still a long way off.

Enforce anti-fraud, theft of service, impersonation laws

A good portion of Spams are illegal for other reasons. They make
fraudulent claims. They claim to have "remove" lists but don't. They
claim to be referrals from friends but they are not. They
bombard systems, acting like a denial-of-service attack. They provide
forged return addresses that are actually the addresses of innocent third
parties. Already some lawsuits in this area have been successful.

However, a significant number of Spams do not violate any laws directly, or
they could remove their illegal portion without major loss.

ISP User Contracts

Already many ISP "terms of service" (TOS) call for E-mail codes of conduct.
As this becomes more and more common, it may provide sufficient recourse.

Today a problem exists since most ISPs, to market their services, use free
trial accounts. They can't do anything with such accounts but shut them
off. Users of free trials are not easily held accountable for violations
of their TOS contract. The solution to that is below.

I support the power of ISPs and users to, as consenting contractual
parties, take steps to stop abuse of the net. However, they should only
do so with the consent of their users.

Open access to bulk mail only for agreement-bound users

Perhaps the most suitable non-governmental scheme would involve ISPs
only granting "open" access to E-mail ports on the internet to parties
who have agreed to a code of E-mail ethics. All others, as well as
anonymous mailers, would be allowed to only send mail to special
relaying servers. (Today most ISPs and ordinary users already mail via
such a scheme.)

The relaying servers would be programmed to mail for any (except perhaps
unrepentant abusers) but would "throttle" the volume of E-mail to enough
to handle the needs of non-bulk mailers. I.e., the server would allow
users on any given network or computer the ability to only send a few
messages per minute, per hour or per day.

This allows some abuse but the inherent limitations make the problem
tolerable.
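
An added example, not code from the original page: a sketch of the throttling decision such a relaying server would make, counting relayed messages per source network over minute, hour and day windows. The limit values, the grouping of IPv4 senders by /24, and the class and parameter names are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed limits as (window seconds, max messages); the values are illustrative.
LIMITS = [(60, 3), (3600, 20), (86400, 100)]

class ThrottlingRelay:
    """Relays for anyone, but caps volume per source network (IPv4 /24 here)."""

    def __init__(self, limits=LIMITS, agreement_bound=(), prefix=24):
        self.limits = sorted(limits)
        self.longest = self.limits[-1][0]
        # Networks whose operators agreed to the code of ethics: not throttled.
        self.agreement_bound = [ipaddress.ip_network(n) for n in agreement_bound]
        self.prefix = prefix
        self.accepted = defaultdict(deque)  # network -> timestamps of relayed mail

    def accept(self, client_ip, now):
        """Return True if one message from client_ip at time `now` is relayed."""
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in self.agreement_bound):
            return True
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix}", strict=False)
        seen = self.accepted[net]
        while seen and now - seen[0] >= self.longest:
            seen.popleft()  # older than the longest window: no longer counts
        for window, cap in self.limits:
            if sum(1 for t in seen if now - t < window) >= cap:
                return False  # a real server would defer with a temporary error
        seen.append(now)
        return True

def simulate():
    """Constructed traffic: a burst, a neighbour, a stranger, a list host."""
    relay = ThrottlingRelay(agreement_bound=["198.51.100.0/24"])
    burst = sum(relay.accept("192.0.2.7", t) for t in range(10))
    neighbour = relay.accept("192.0.2.99", 10)     # same /24 as the burst
    elsewhere = relay.accept("203.0.113.5", 10)    # different network
    list_host = sum(relay.accept("198.51.100.9", t) for t in range(50))
    after_wait = relay.accept("192.0.2.7", 62)     # minute window has cleared
    return burst, neighbour, elsewhere, list_host, after_wait

if __name__ == "__main__":
    print(simulate())
```

Only relayed messages are counted, so a sender that keeps retrying while throttled does not extend its own lockout.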

Those wishing to send bulk mail, such as the operators of mailing lists,
would agree to a code of E-mail ethics.

Anonymous bulk E-mail would not be possible, except by arranging for another
party who has signed the code of ethics to act as a gateway. That party
would take responsibility for abuse by the anonymous party.

This, or a variant of it as described below, may be the most effective
technological solution -- and one that will work globally.

New Bulk Protocol

Currently there is only one internet E-mail protocol, SMTP. If this were
split into one protocol for single (or low volume) mail and mass mailings,
it would be far easier to distinguish between them and put more limits on
bulk mail. These limits could apply only to new users or users who have
not yet agreed not to abuse the net. Attempts to do bulk mail using the
single mail protocol would be throttled, and if overdone would be a
"denial of service" computer intrusion.

ISP peering contracts

The internet works because ISPs "peer" (exchange data) with one another.
ISPs may eventually refuse to peer with ISPs that don't have anti-Spam
E-mail conduct codes in their TOS. It is unknown if this would be
restraint of trade.

I support ISPs working together to stop abuse, so long as it
is done fairly, with principles of appeal and complaint, and with the
knowledge and consent of users.

E-mail equivalent of "no trespassing" sign

The IETF could, and should, develop modifications to the E-mail protocols
to allow users and sites to put the electronic equivalent of a "no
trespassing" sign on their mailboxes. This sign would in effect say
"no unsolicited bulk E-mail from strangers" with perhaps some tunable
parameters to define how many messages a bulk mailing is.

Once defined, this sign can be given the same force of law as other signs
people place on their property to display policy, so that violating the
policy would be a tort.

This is about the only form of legal solution I would endorse. It may not
require any new law.

Mandatory compliance with opt-out

The law could compel senders of bulk E-mail to comply with an opting-out
system. It could require that "remove" lists be faithfully maintained,
or that a national opt-out list be supported.

The above "no UBE from strangers" sign is also an expression of an opt-out.

For technical reasons, because mail is often sent to a relaying server
that will not know the wishes of the final recipient, a tagging system
must also be in place so that the decision can be made further down the
chain.

Such rules are similar to rules that apply to postal service mail, phone
calls and the like. If a person asks you not to send them messages, you
should be required to comply.

As noted, these are the only sort of laws I might support. However, they
face the problem of all laws, namely that they apply only in one jurisdiction.